Context-aware access control in pervasive environments using semantic-based policies

Computing is moving towards pervasive environments in which system components are expected to seamlessly integrate and deliver services in an anywhere and anytime fashion. In addition, technologies are expected to remain invisible from a user's point of view. The increasing use of portable devices helps to fulfill these expectations and creates a situation where a user's context, such as a user activity, is more dynamic. This introduces a new class of services called context-aware services which take the user's context into account. The idea of using contextual information comes from human to human communications where humans are able to use implicit situational information, or context, to increase the effectiveness of the communications.;In terms of access management, in pervasive environments, it is also necessary to minimize access control complexities and at the same time to allow users to gain access to services pervasively without difficulties. Policy based network management approaches address these problems by providing a means by which an administrative process can be simplified and largely automated. However, pervasive environments are founded on context, which is dynamic and unpredictable, and cannot be configured beforehand. A challenge lies in the fact that there needs to be a policy system that fully understands and can interpret high-level notions. In pervasive environments, these high-level notions refer to contexts of the situation which can change unpredictably and must be interpreted semantically to maintain proper access control.;This thesis addresses this challenge by designing and implementing a framework that supports a separation of context management and access management. Context management refers to the process of modeling, representing, monitoring, updating, and sharing contexts semantically by using Semantic Web languages. Access management focuses on using the contexts in attribute-based access control policies and enforcing them properly. A policy system is implemented by extending a standard attribute-based access control policy language, XACML, to incorporate the semantically defined contexts. This thesis is validated by a proof of concept implementation with performance measurement of the response time of the context management system and an analytical comparison of several different approaches compared with the approach taken in this thesis.